Embedded Files
The first set of challenge circuits is now available. Register your team for the link!
The first set of challenge circuits is now available. Register your team for the link!
It'll be in the confirmation screen after you register. Existing team leaders should have received an email with the link.
Aims
Aims
The red teams will compete to recover locked designs. Teams will be judged on how many designs they attack, the success of those attacks (based on the criteria below), and the quality of their technical write-up and presentation.
Evaluation Criteria:---
Your submission will be evaluated based on your approach to find the following assets of the locked designs:
Finding the unlocking key sequence: If you can find the exact and entire key sequence, you will be awarded the highest score (as breaking the locking scheme).
Finding the added flip-flops: As the locking mechanism inserts extra flip-flops, one of your goals can be to find the added flip-flops. Maximum awarded score will be lower than criteria 1 (as it relates to downgrading the locking mechanism).
Finding inputs that are being used as key inputs: Identifying the primary inputs (or a subset) that is used as key inputs can be one of the attack targets. Successful identification of these inputs will score you some minimum credit.
Instructions
Instructions
Overview:---
You will be provided with two sets of gate-level netlists that are locked with the state space obfuscation algorithm [1][2]. One set comes with oracles, and the other one is oracle less. Each set contains:
Small benchmark
Medium benchmark
Large benchmark
As a red team, your goal is to break the locking mechanism and retrieve the unlocked design. For each netlist you will be provided a directory that contains the following (may differ for oracle-less designs):
Oracle or unlocked or ready-to-be-used netlist (for oracle-based attack model only)
Functional testbench for the oracle (for oracle-based attack model only)
10000 test patterns for the oracle (for oracle-based attack model only)
Locked netlist
Functional testbench for the locked netlist
10000+ test patterns for the locked netlist (key patterns to be inserted at the beginning)
The netlists are mapped to a technology library that is we will provide.
As a warm up, you have access to a toy “example” that directs you towards the self-evaluation of your attack. A (text) tutorial is also provided to walk you through the example and introduce you to the steps to follow while evaluating.
Evaluation Criteria:---
Your submission will be evaluated based on your approach to find the following assets of the locked designs:
Finding the unlocking key sequence: If you can find the exact and entire key sequence, you will be awarded the highest score (as breaking the locking scheme).
Finding the added flip-flops: As the locking mechanism inserts extra flip-flops, one of your goals can be to find the added flip-flops. Maximum awarded score will be lower than criteria 1 (as it relates to downgrading the locking mechanism).
Finding inputs that are being used as key inputs: Identifying the primary inputs (or a subset) that is used as key inputs can be one of the attack targets. Successful identification of these inputs will score you some minimum credit.
Deliverables:---
Submission of Findings: For each of the locked circuits you will be provided a directory. In each directory, you need to update the following documents based on your target and submit the entire directory along with all files (updated or as it is):
If you are attempting to report the unlocking key sequence, fill in the dotted lines of the “design/design_unlock_inputs.txt” file with key patterns. Use as many patterns as you may need and remove the dotted lines to keep only binary values in the file (0 & 1; nothing else). The mapping of each input pattern to specific primary input of the design must follow the pin mapping file “design/keyPortMapping.txt”.
If you are attempting to report the added flip-flops, update the file “design/addedFlops.txt” with the names of the flip-flops.
If you are attempting to report the key input names, update the file “design/keyInputs.txt” with the combinations of primary inputs. Remember, several combinations of primary inputs may have been used as key inputs in each cycle of the key sequence. You must report those groups. Listing only the names of individual key inputs does not count (unless one-bit key is being used).
Technical Report: To justify your findings of the above mentioned assets, you must provide a comprehensive report. The report must include the following technical details:
Detailed algorithm behind your attacking approach. If possible, provide your setup (along with binary, instructions, etc.) to reproduce the results by the blue-team.
Any assumptions being made.
Your findings (key sequence, names of added flip-flops, or primary inputs being used as key inputs, etc.) and correlation between your approaching algorithm and findings.
Any shortcomings of your approach (in case you are unable to extract what you desired to).
References:---
“You Break I Fix: A Collaborative Approach for Strengthening Sequential Obfuscation of Hardware Intellectual Property” by MM Rahman, T Meade, Y Jin, S Bhunia in Annual Government Microcircuit Applications & Critical Technology (GOMACTech) Conference 2020, CA, USA.
“HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection” by RS Chakraborty, S Bhunia in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems ( Volume: 28 , Issue: 10 , Oct. 2009 ).
Page updated
Report abuse